The ssh tools don't export the operations (signing, checking signatures). I looked into teases them out out of the code, for example authfd.c has the signing code. One could create a command to bootstrap an authenticated session and then hand it off to the browser. Bridging auth to unlocked keys available in client side session state (like ssh-agent) is a good thing. Hooking it into some browsers is intentionally difficult. Which is one reason why Liberty was designed to allow "zero-install" on the clients/browsers. - ben
On Tuesday, October 15, 2002, at 03:54 AM, Dirk-Willem van Gulik wrote: > > > On Mon, 14 Oct 2002, Ian Holsman wrote: > >> I was wondering if anyone knows of something (preferably using >> openSSH) >> which would allow Apache to authenticate via a SSH keypair. > >> what i would like ideally is for the browser to use the >> passwords/pass-phrases of the ssh-agent running on the local machine >> to execute something remotely without the middleman (web-server) >> requiring to know the passphrase/private key of the user > > I've once had to do this - but it was hard to get it working > properly/perform decently - as, if you are not careful, the negotiation > needs to be done again and again. > > If all you want is making sure that the web server does not know the > password; there are a lot of one way crypt/digest things one can do to > solve that. Even standard crypt()ed passwords go a long way. > > Dw > >
